CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47220 – Media Streaming add-on
https://notcve.org/view.php?id=CVE-2023-47220
03 May 2024 — An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later Se ha informado que una vulnerabilidad de inyección de comandos del sistema operativo afecta al complemento Media Streaming. Si se explota, la vulnerabilidad podría permitir a los administra... • https://www.qnap.com/en/security-advisory/qsa-24-15 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41290 – QuFirewall
https://notcve.org/view.php?id=CVE-2023-41290
26 Apr 2024 — A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: QuFirewall 2.4.1 ( 2024/02/01 ) and later Se ha informado que una vulnerabilidad de path traversal afecta a QuFirewall. Si se explota, la vulnerabilidad podría permitir a los administradores autenticados leer el contenid... • https://www.qnap.com/en/security-advisory/qsa-24-17 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41291 – QuFirewall
https://notcve.org/view.php?id=CVE-2023-41291
26 Apr 2024 — A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: QuFirewall 2.4.1 ( 2024/02/01 ) and later Se ha informado que una vulnerabilidad de path traversal afecta a QuFirewall. Si se explota, la vulnerabilidad podría permitir a los administradores autenticados leer el contenid... • https://www.qnap.com/en/security-advisory/qsa-24-17 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47222 – Media Streaming add-on
https://notcve.org/view.php?id=CVE-2023-47222
26 Apr 2024 — An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later Se ha informado que una vulnerabilidad de exposición de información confidencial afecta al complemento Media Streaming. Si se explota, la vulnerabilidad podría permitir a los usua... • https://www.qnap.com/en/security-advisory/qsa-24-15 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-50361 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2023-50361
26 Apr 2024 — A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later Se ha informado que una copia del búfer sin verificar el tamaño de la vulnerabilidad de entrada afecta a varias versiones del sistema op... • https://www.qnap.com/en/security-advisory/qsa-24-20 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-50362 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2023-50362
26 Apr 2024 — A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later Se ha informado que una copia del búfer sin verificar el tamaño de la vulnerabilidad de entrada afecta a varias versiones del sistema op... • https://www.qnap.com/en/security-advisory/qsa-24-20 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-50363 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2023-50363
26 Apr 2024 — An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later Se ha informado que una vulnerabilidad de autorización incorrecta afecta a varias versiones del sistema operativo QNAP. Si se explo... • https://www.qnap.com/en/security-advisory/qsa-24-20 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-50364 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2023-50364
26 Apr 2024 — A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later Se ha informado que una copia del búfer sin verificar el tamaño de la vulnerabilidad de entrada afecta a varias versiones del sistema op... • https://www.qnap.com/en/security-advisory/qsa-24-20 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVSS: 8.7EPSS: 8%CPEs: 4EXPL: 0CVE-2023-51365 – QTS, QuTS hero, QuTScloud
https://notcve.org/view.php?id=CVE-2023-51365
26 Apr 2024 — A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later Se ha in... • https://www.qnap.com/en/security-advisory/qsa-24-14 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21905 – QTS, QuTS hero, QuTScloud
https://notcve.org/view.php?id=CVE-2024-21905
26 Apr 2024 — An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later Se ha informado que una vulnerabilidad de desbordamiento de enteros o envoltura afecta a varias versione... • https://www.qnap.com/en/security-advisory/qsa-24-16 • CWE-190: Integer Overflow or Wraparound •